Hey,
I am trying to set up a test bench for base-band fuzzing using the Osmocom stack and a couple of SDRs (b210 and bladerf).
I have managed to set up everything to my liking in terms of a functional network using the tutorial (https://osmocom.org/projects/cellular-infrastructure/wiki/Osmocom_Network_In...) and the latest stable packages from https://osmocom.org/projects/cellular-infrastructure/wiki/Latest_Builds
Now I want to enable the silent_call functionality to begin testing but I can't seem to be able to do so.
I have reverted the silent_call patch (https://gerrit.osmocom.org/#/c/openbsc/+/1930/) for OpenBSC inside the "new" OsmoMSC but unfortunately that did not work.
I have then started trying to figure out how the silent_call interacts with the rest of the state machine, but I don't seem to be making much progress.
Please see attached a log for the communication between OsmoMSC (which triggers silent_call) and OsmoBSC. The connection seems to fail due to issues related to either "Congestion" (if GPRS is enabled) or a timeout of T0 (if GPRS is disabled).
Can anyone help?
Thanks
On Fri, Oct 12, 2018 at 04:35:04PM +0100, Mihai Ordean wrote:
> Now I want to enable the silent_call functionality to begin testing but I can't seem to be able to do so.
Historically, the silent call feature was an important part of the Osmocom heritage: IIRC demonstrating a silent call to locate a phone was one of the important early goals of implementing osmo-nitb aka bsc_hack in the first place, and from there things have evolved to the multi component externally compatible stack we have today.
But, these days, I don't know of anyone testing on a regular basis whether silent call works, be it manually or automatically. Typically that is a guarantee for bit rot and breakage.
I'm fairly certain that is, sadly, the case with the silent call feature. It should work, but one refactoring or the other has broken it.
Looking at the log, I believe the fix is fairly trivial:
Today's MSC strictly monitors connections by subscribers, and first ensures they get accepted (in terms of authentication), and then ensures that they establish some sort of meaningful request/response interaction.
So I think all we need is that in paging_cb_silent(), we transition the conn FSM from SUBSCR_CONN_S_ACCEPTED to SUBSCR_CONN_S_COMMUNICATING, to stop the timer that watches validity. See msc_subscr_conn_communicating().
It would be excellent if you could try to implement and test yourself. If you need help, do ask again.
~N
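The failure mode and fix described in the reply above, as an added illustration that is not osmo-msc code: a toy model of a subscriber connection FSM with a validity timer. Only the state names SUBSCR_CONN_S_NEW, SUBSCR_CONN_S_ACCEPTED and SUBSCR_CONN_S_COMMUNICATING, and the callback name paging_cb_silent, come from the thread; the timer, its tick count, the struct layout and every other function name are constructed for this example and do not reflect the real osmo-msc API. The broken variant of the paging callback lets the timer run out after the paging response, which is what a T0-style timeout looks like; the fixed variant makes the ACCEPTED to COMMUNICATING transition and the timer is stopped.

```c
/* Added example, not osmo-msc code: a constructed model of a subscriber
 * connection FSM whose validity timer releases a conn that never starts
 * "communicating". State names follow the thread; everything else is
 * hypothetical. */
#include <stdbool.h>
#include <stdio.h>

enum subscr_conn_state {
	SUBSCR_CONN_S_NEW,
	SUBSCR_CONN_S_ACCEPTED,
	SUBSCR_CONN_S_COMMUNICATING,
	SUBSCR_CONN_S_RELEASED,
};

/* Constructed validity timeout, in timer ticks. */
#define CONN_VALIDITY_TIMEOUT 3

struct subscr_conn {
	enum subscr_conn_state state;
	int validity_timer;   /* ticks remaining; -1 means not running */
};

static void conn_init(struct subscr_conn *c)
{
	c->state = SUBSCR_CONN_S_NEW;
	c->validity_timer = -1;
}

/* Subscriber authenticated: NEW -> ACCEPTED, arm the validity timer. */
static void conn_accept(struct subscr_conn *c)
{
	if (c->state != SUBSCR_CONN_S_NEW)
		return;
	c->state = SUBSCR_CONN_S_ACCEPTED;
	c->validity_timer = CONN_VALIDITY_TIMEOUT;
}

/* A meaningful request/response has started: ACCEPTED -> COMMUNICATING,
 * and the validity timer is stopped (the role the thread assigns to
 * msc_subscr_conn_communicating()). */
static void conn_communicating(struct subscr_conn *c)
{
	if (c->state != SUBSCR_CONN_S_ACCEPTED)
		return;
	c->state = SUBSCR_CONN_S_COMMUNICATING;
	c->validity_timer = -1;
}

/* Advance the validity timer by one tick; expiry releases the conn. */
static void conn_tick(struct subscr_conn *c)
{
	if (c->validity_timer < 0)
		return;
	if (--c->validity_timer == 0) {
		c->state = SUBSCR_CONN_S_RELEASED;
		c->validity_timer = -1;
	}
}

/* Silent call paging callback as the thread describes the broken one:
 * the paging response arrives but the FSM is never told the conn is in
 * use, so the validity timer keeps running. */
static void paging_cb_silent_broken(struct subscr_conn *c)
{
	(void)c;
}

/* Proposed fix: announce that the conn is now communicating. */
static void paging_cb_silent_fixed(struct subscr_conn *c)
{
	conn_communicating(c);
}

/* Run one scenario: accept the conn, deliver the paging response through
 * the chosen callback, then let `ticks` timer ticks elapse. Returns the
 * resulting FSM state. */
enum subscr_conn_state silent_call_outcome(bool fixed, int ticks)
{
	struct subscr_conn c;
	conn_init(&c);
	conn_accept(&c);
	if (fixed)
		paging_cb_silent_fixed(&c);
	else
		paging_cb_silent_broken(&c);
	for (int i = 0; i < ticks; i++)
		conn_tick(&c);
	return c.state;
}

int main(void)
{
	printf("broken callback after 5 ticks: state %d (3 = RELEASED)\n",
	       silent_call_outcome(false, 5));
	printf("fixed callback after 5 ticks:  state %d (2 = COMMUNICATING)\n",
	       silent_call_outcome(true, 5));
	return 0;
}
```

The point of the model is the ordering: the validity timer is armed on acceptance, and only an explicit transition to COMMUNICATING disarms it, so any path that establishes a channel without making that transition (the silent call, which by design sends no traffic to the phone) is released on timeout even though the paging succeeded.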
Hey
Thanks for the suggestion!
I finally had some time for a bit more debugging and was able to make silent_call work. As it turns out, aside from reverting the silent call patch (https://gerrit.osmocom.org/#/c/openbsc/+/1930/), some changes had to be made to subscr_conn.c to enable the FSM transitions suggested for silent_call, i.e. SUBSCR_CONN_S_NEW to SUBSCR_CONN_S_COMMUNICATING.
If anyone is interested, I'm attaching the patch against the latest git version (f6400737).
Mihai
On 15/10/2018 11:57, nhofmeyr@sysmocom.de wrote: